3 results (0.016 seconds)

CVSS: 9.3EPSS: 3%CPEs: 40EXPL: 0

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6, AsteriskNOW antes de 1.0.2, Appliance Developer Kit antes de la revisión 104704 y s800i 1.0.x antes de 1.1.0.2 genera valores ID de gestión no lo suficientemente aleatorios, lo que facilita a atacantes remotos secuestrar una sesión de gestión a través de una serie de adivinaciones de ID. • http://downloads.digium.com/pub/security/AST-2008-005.html http://secunia.com/advisories/29449 http://secunia.com/advisories/29470 http://securityreason.com/securityalert/3764 http://www.securityfocus.com/archive/1/489819/100/0/threaded http://www.securityfocus.com/bid/28316 http://www.securitytracker.com/id?1019679 https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html https://www.redhat.com/archives/ • CWE-255: Credentials Management Errors •

CVSS: 8.8EPSS: 3%CPEs: 109EXPL: 0

Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. Vulnerabilidad no especificada en Asterisk Open Source versiones 1.2.x anteriores a 1.2.27, 1.4.x anteriores a 1.4.18.1 y 1.4.19-rc3; en Business Edition versiones A.x.x, B.x.x anteriores a B.2.5.1, y C.x.x anteriores a C.1.6.2; en AsteriskNOW versiones 1.0.x anteriores a 1.0.2; Appliance Developer Kit anteriores a 1.4 revisión 109393; y s800i versiones 1.0.x anteriores a 1.1.0.2 permite a atacantes remotos acceder al controlador del canal SIP mediante la utilización de una cabecera From especialmente construida. • http://downloads.digium.com/pub/security/AST-2008-003.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29426 http://secunia.com/advisories/29456 http://secunia.com/advisories/29470 http://secunia.com/advisories/29782 http://secunia.com/advisories/29957 http://security.gentoo.org/glsa/glsa-200804-13.xml http://securitytracker.com/id?1019629 http://www.asterisk.org/node/48466 http://www.debian.org/security/2008/dsa& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 95%CPEs: 5EXPL: 2

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. El controlador de canal SIP de Asterisk Open Source 1.4.x versiones anteriores a 1.4.17, Business Edition versiones anteriores a C.1.0-beta8, AsteriskNOW versiones anteriores a beta7, Appliance Developer Kit versiones anteriores a Asterisk 1.4 revision 95946, y Appliance s800i 1.0.x versiones anteriores a 1.0.3.4 permite a atacantes remotos provocar una denegación de servicio (cáida de demonio) mediante un mensaje BYE con una cabecera Also (tranfiere también), que dispara un referencia a puntero NULL. • https://www.exploit-db.com/exploits/30974 http://bugs.digium.com/view.php?id=11637 http://downloads.digium.com/pub/security/AST-2008-001.html http://secunia.com/advisories/28299 http://secunia.com/advisories/28312 http://securityreason.com/securityalert/3520 http://www.securityfocus.com/archive/1/485727/100/0/threaded http://www.securityfocus.com/bid/27110 http://www.securitytracker.com/id?1019152 http://www.vupen.com/english/advisories/2008/0019 https://exchange.xforce • CWE-399: Resource Management Errors •